Saturday 31 October 2020

SharePoint 2013 - Scope, Requesting And Granting App Permissions

Introduction

In this article, we will explore SharePoint 2013 app security, specifically how to manage an app's permissions to a SharePoint site.

Scope

    If you have started creating a new SharePoint app in SharePoint 2013 that requires permission to write to one or more lists of the host web, you quickly realize that it is not possible to specify which lists or libraries the app should be allowed to write to.

    That is because the security model (controllable via the AppManifest.xml) does not work like that; instead, it uses a “Scope”, as follows.

    Steps

    Open the Manifest Designer view (double-click the AppManifest.xml file). On the General tab, the Title text box should show the app name that you typed in the "New app" text box. Choose the Permissions tab to add the following permission requests for the app (see Figure).

    • In the first row of the Permission requests list, in the Scope column, choose Statusing in the drop-down list. In the Permission column, choose SubmitStatus.




    Requesting and granting app permissions

    The Permissions tab of the app manifest designer supplied by Microsoft Visual Studio makes it easy to add and configure permission requests without having to work with the XML elements directly. The screenshot in Figure shows what the Permissions tab looks like when you are configuring permission requests. You are not required to make direct edits to the AppManifest.xml file to add permission requests.


    There are several different types of permissions that an app can request in SharePoint 2013. The table below lists the more common ones used in app development in SharePoint 2013.

    Table - Permission types in SharePoint 2013

    | Object type | Scope URI | Rights |
    |---|---|---|
    | Tenancy | http://sharepoint/content/tenant | Read, Write, Manage, FullControl |
    | Site collection | http://sharepoint/content/sitecollection | Read, Write, Manage, FullControl |
    | Host web | http://sharepoint/content/sitecollection/web | Read, Write, Manage, FullControl |
    | Lists | http://sharepoint/content/sitecollection/web/list | Read, Write, Manage, FullControl |
    | Search | http://sharepoint/search | QueryAsUserIgnoreAppPrincipal |
    | BCS | http://sharepoint/bcs/connection | Read |
    | Managed metadata | http://sharepoint/taxonomy | Read, Write |
    | Social core | http://sharepoint/social/core | Read, Write, Manage, FullControl |
    | Social tenancy | http://sharepoint/social/tenant | Read, Write, Manage, FullControl |
    | Microfeed | http://sharepoint/social/microfeed | Read, Write, Manage, FullControl |


    Note

    It is worth noting that running with app-only permissions is only possible when using external authentication. Executing calls from an app with app-only permissions is not possible when using internal authentication. Therefore, running with app-only permissions is not possible from SharePoint-hosted apps. Calls from a SharePoint-hosted app always require that app permissions and user permissions succeed.
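
The permission requests configured in the designer end up as `AppPermissionRequest` elements in AppManifest.xml. The following review script is an added example, not code from the original article: it parses a manifest and reports requests that deserve a second look before the app is trusted, using the content scopes from the table and the app-only rule from the note. The sample manifest is constructed, the review thresholds are illustrative assumptions, and treating an `<Internal />` app principal as the marker of internal authentication is an assumption of the example.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.microsoft.com/sharepoint/2012/app/manifest"}
BASE = "http://sharepoint/content/"
# Content scopes from the table, mapped to breadth (4 = widest).
WIDTH = {BASE + "tenant": 4, BASE + "sitecollection": 3,
         BASE + "sitecollection/web": 2, BASE + "sitecollection/web/list": 1}
LEVEL = {"Read": 1, "Write": 2, "Manage": 3, "FullControl": 4}

# Constructed sample manifest for illustration (not from the original page).
SAMPLE = """<App xmlns="http://schemas.microsoft.com/sharepoint/2012/app/manifest"
     Name="SampleApp" Version="1.0.0.0">
  <AppPrincipal><Internal /></AppPrincipal>
  <AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Write" />
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    <AppPermissionRequest Scope="http://sharepoint/taxonomy" Right="Read" />
  </AppPermissionRequests>
</App>"""


def audit_manifest(xml_text):
    """Return (scope, right, finding) tuples a reviewer should look at."""
    root = ET.fromstring(xml_text)
    block = root.find("m:AppPermissionRequests", NS)
    if block is None:
        return []
    findings = []
    if block.get("AllowAppOnlyPolicy", "false").lower() == "true":
        # Assumption: <Internal/> marks a SharePoint-hosted app (internal authentication).
        internal = root.find("m:AppPrincipal/m:Internal", NS) is not None
        findings.append(("*", "app-only", "app-only unavailable: internal authentication"
                         if internal else "app-only: calls skip the user permission check"))
    for req in block.findall("m:AppPermissionRequest", NS):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        if scope not in WIDTH:
            continue  # search, BCS, taxonomy and social scopes are not ranked here
        if right not in LEVEL:
            findings.append((scope, right, "right not valid for a content scope"))
        elif LEVEL[right] >= 3 and WIDTH[scope] >= 3:  # illustrative threshold
            findings.append((scope, right, "Manage or higher beyond a single web"))
        elif WIDTH[scope] == 1 and LEVEL[right] >= 2:
            findings.append((scope, right, "applies to every list in the host web"))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

The list-scope finding reflects the point made under Scope: a request at `http://sharepoint/content/sitecollection/web/list` cannot name individual lists, so a Write grant there covers every list in the host web.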
